19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512

Analysis

max time kernel
140s
max time network
170s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 10:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe
Size

4.1MB
MD5

8fb56ec4a5ed5cfe783d83d265b6e7e2
SHA1

fe39baacac1160be00ef9c1db1b32b43ea203c8a
SHA256

19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512
SHA512

446859f2b249389692a46e4655ed59a0d067f725147cb1c976025cdba5e472c3c5e5ce81755fb0e8bfde6de87947eedc7553e4a1bf35fdc7580b7f7110a93bd2
SSDEEP

49152:Wb2XfWHdZ8BhE7K2dEj9GY+r5u8QeKxFOJxdb4vZKVe:U2XeHdZChmK2dZKdzOJDb4v+e

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2660	19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe
2660	19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2660	19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2660	19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe

C:\Users\Admin\AppData\Local\Temp\19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe
"C:\Users\Admin\AppData\Local\Temp\19b301383ac8514350239ec0ade8748e78659e18aad01fd71ef4f461fb30e512.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
977a89a92e6631e12878152c244d4246

SHA1
20fa728d3b6589e0f768dad84dc4269a15a23ac0

SHA256
97eb2f09f9118badb0f28ab1fa21b539bed44cf230c988bd500e3f5395c08ffd

SHA512
10a871ff0e52f90bc0b6835d9ac37c6775e933c400a8605f599a6b9dcd113bcc5a74ff40f3fbe57c29929a9199250f6abf5624e36850be61b4fe1c7583f3c315

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
10KB

MD5
60d717c07c136b57ad5b35b7e33a520a

SHA1
053f873e0ea083ed7e2eb77cb8f663173edcf31c

SHA256
c453df65acef87f357eb7db7b5dc99f4aebe3fff83c43701c5bb07363159c62e

SHA512
6f004811a079facb992186a347f0bece720a585c5a50eaa58bff7b933fd7c3d04d65f349ca2bc211f6f490fd466b41a3984c4fedab5773d39a4c1253ee14f128

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2ed25aed192b45a787cbb8905f3e88e0

SHA1
003374b35ea8931383aa1a8434f4d1b00a361dd7

SHA256
4a396f3939386ca1020cbdd7d699f74de88f24cfa78d5653580e09f307e33965

SHA512
354bb5efee7d3c1feb072ee5359d700c52082499b65fa654b6739c2e6ab09867c608d5438ca3ec60462c8d1be0485189398b625aa9f181b57b83714887ea7a6e

Download Submit
\Users\Admin\AppData\Local\Temp\ybF92E.tmp

Filesize
155.2MB

MD5
bff5e7499c471625725a2e6c81949d39

SHA1
c4f57b4c59e1c3353936fbb7403335aee65d8451

SHA256
a3fcea5933dc50cc1186bd28969a562b56af0f543b0f22eb8fd23e686dd29796

SHA512
09c3a8a7d33adfd35a74526ae9c3e015139070a44aa70632e1b578938699f0b6b45038feadcdb9455607ea68237d90bd9b6b6548ba24de0447a438184942d8cc

Download Submit
\Users\Admin\AppData\Local\Temp\ybF92E.tmp

Filesize
155.2MB

MD5
bff5e7499c471625725a2e6c81949d39

SHA1
c4f57b4c59e1c3353936fbb7403335aee65d8451

SHA256
a3fcea5933dc50cc1186bd28969a562b56af0f543b0f22eb8fd23e686dd29796

SHA512
09c3a8a7d33adfd35a74526ae9c3e015139070a44aa70632e1b578938699f0b6b45038feadcdb9455607ea68237d90bd9b6b6548ba24de0447a438184942d8cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads